
Operation Sea Elephant: The Dying Walrus Wandering the Indian Ocean

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

The CNC group, with South Asian origins, has been targeting domestic teachers, students, and research institutions. Their operation, named 'sea elephant', aims to spy on scientific research achievements in the ocean field. The group employs various tactics, including spear-phishing emails, IM software exploitation, and customized plug-ins. Their malware includes remote command execution backdoors, USB flash drive propagation tools, keyloggers, and file stealers. The attackers use GitHub APIs and steganographic techniques to avoid detection. The operation's focus on ocean-related research suggests a nation's determination to dominate the Indian Ocean region. Additionally, a related campaign, UTG-Q-011, targets areas such as laser science and aerospace.

OPENCTI LABELS:

keylogging, steganography, south asia, usb propagation, file stealing, sogou_pinyinupdater.exe, scientific espionage, tericerit.exe, srclogsys.exe, cachestore.exe, github api, konlinesetupupdate_xa.exe, ocean research, windowassistance.exe, huaweihisuiteservice64.exe, filecoauthx86.exe, aliyun_updater64.exe, youdaogui.exe, mscleanup64.exe, windowsfilters.exe, qaxreporter.exe

